TellYouThePass: Ransomware Attacks Exploits Critical PHP RCE Vulnerability
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 44cc0542-a3f5-4c6b-8ba7-732ecfbf69d7 |
| Fingerprint | b42717c53b22c253 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 1, 2024, 1:57 a.m. |
| Added to db | Aug. 31, 2024, 8:07 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | TellYouThePass: Ransomware Attacks Exploits Critical PHP RCE Vulnerability |
| Title | TellYouThePass: Ransomware Attacks Exploits Critical PHP RCE Vulnerability |
| Detected Hints/Tags/Attributes | 45/1/65 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 220 | ✔ | Stories by S2W on Medium | https://s2w.medium.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 47 | cve-2024-4577 |
|
| Details | CVE | 126 | cve-2017-0144 |
|
| Details | CVE | 397 | cve-2021-44228 |
|
| Details | CVE | 122 | cve-2022-26134 |
|
| Details | CVE | 84 | cve-2023-46604 |
|
| Details | Domain | 23 | gate.io |
|
| Details | Domain | 30 | www.php.net |
|
| Details | Domain | 8 | censys.com |
|
| Details | Domain | 1 | lookerstudio.google.com |
|
| Details | Domain | 100 | cert.360.cn |
|
| Details | Domain | 9 | cloud.tencent.com |
|
| Details | Domain | 4 | itm4n.github.io |
|
| Details | Domain | 10 | www.pentestpartners.com |
|
| Details | Domain | 3 | decoder.cloud |
|
| Details | Domain | 13 | id-ransomware.blogspot.com |
|
| Details | Domain | 41 | www.freebuf.com |
|
| Details | Domain | 5 | www.secpulse.com |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 641 | nvd.nist.gov |
|
| Details | Domain | 30 | s2w.inc |
|
| Details | Domain | 335 | www.facebook.com |
|
| Details | File | 478 | lsass.exe |
|
| Details | File | 131 | spoolsv.exe |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 1 | blindingedr.exe |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 1 | show13.txt |
|
| Details | File | 2 | read_me10.html |
|
| Details | File | 43 | www.php |
|
| Details | File | 1 | tellyouthepass-ransomware.html |
|
| Details | File | 1 | 206961.html |
|
| Details | File | 1 | 244123.html |
|
| Details | File | 1 | 171335.html |
|
| Details | File | 28 | s2w.inc |
|
| Details | md5 | 1 | 9fde4e9391c9fbc31ee7f2dcbc5be2f3 |
|
| Details | IPv4 | 2 | 88.218.76.13 |
|
| Details | Url | 1 | http://88.218.76.13/d3.hta |
|
| Details | Url | 1 | https://www.php.net/downloads |
|
| Details | Url | 2 | https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en |
|
| Details | Url | 1 | https://censys.com/cve-2024-4577 |
|
| Details | Url | 1 | https://lookerstudio.google.com/u/0/reporting/f7302c0e-5d60-41c5-8638-6a950e18cf0f/page/tennc |
|
| Details | Url | 2 | https://www.imperva.com/blog/update-cve-2024-4577-quickly-weaponized-to-distribute-tellyouthepass-ransomware |
|
| Details | Url | 2 | https://cert.360.cn/report/detail?id=65fceeb4c09f255b91b17f11 |
|
| Details | Url | 1 | https://cloud.tencent.com/developer/article/2403456 |
|
| Details | Url | 1 | https://itm4n.github.io/printspoofer-abusing-impersonate-privileges |
|
| Details | Url | 1 | https://www.pentestpartners.com/security-blog/sweetpotato-service-to-system |
|
| Details | Url | 1 | https://decoder.cloud/2019/12/06/we-thought-they-were-potatoes-but-they-were-beans |
|
| Details | Url | 1 | https://id-ransomware.blogspot.com/2019/03/tellyouthepass-ransomware.html |
|
| Details | Url | 1 | https://www.freebuf.com/articles/network/206961.html |
|
| Details | Url | 1 | https://www.freebuf.com/articles/system/244123.html |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/tellyouthepass-ransomware-revived-in-linux-windows-log4j-attacks |
|
| Details | Url | 1 | https://www.secpulse.com/archives/171335.html |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/tellyouthepass-ransomware-returns-as-a-cross-platform-golang-threat |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/1-h_ldoelqkxvp1tzsdewa |
|
| Details | Url | 1 | https://twitter.com/nigroeneveld/status/1800876501077782990 |
|
| Details | Url | 1 | https://cert.360.cn/report/detail?id=9fde4e9391c9fbc31ee7f2dcbc5be2f3 |
|
| Details | Url | 1 | https://nvd.nist.gov/vuln/detail/cve-2017-0144 |
|
| Details | Url | 12 | https://nvd.nist.gov/vuln/detail/cve-2021-44228 |
|
| Details | Url | 1 | https://nvd.nist.gov/vuln/detail/cve-2022-26134 |
|
| Details | Url | 1 | https://nvd.nist.gov/vuln/detail/cve-2023-46604 |
|
| Details | Url | 2 | https://nvd.nist.gov/vuln/detail/cve-2024-4577 |
|
| Details | Url | 27 | https://s2w.inc |
|
| Details | Url | 32 | https://www.facebook.com/s2wlab |
|
| Details | Url | 27 | https://twitter.com/s2w_official |